Last updated: March 2026
Statura Care Pty Ltd (ABN pending) is committed to protecting the privacy of personal and health information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
We collect personal information necessary to provide aged care management services, including: names, contact details, dates of birth, healthcare identifiers (IHI, NDIS numbers), clinical observations, care plans, medication records, and financial information.
Personal information is used to: deliver care management services, generate regulatory reports (SIRS, AN-ACC, DEX), process financial claims, and improve service quality.
All data is stored in Australia (AWS ap-southeast-2 Sydney region). We use encryption at rest and in transit, tenant-scoped access controls, and activity logging for supported portal and workforce actions. Multi-factor authentication may be required for workforce or administrative users where enabled by the provider.
We share information only with: the Aged Care Quality and Safety Commission (SIRS reporting), Services Australia (DEX, PRODA), healthcare providers (FHIR R4 AU Core), and as required by law.
Under the Privacy Act, you have the right to: access your personal information, request corrections, withdraw consent, and lodge complaints with the Office of the Australian Information Commissioner (OAIC).
Clients and their representatives can request a full export of their records in JSON format. Administrators can initiate data exports from the client management interface.
Clinical records are retained for 7 years after the last contact, in accordance with Australian aged care record-keeping requirements. Session data is retained for 90 days.
In the event of a data breach likely to result in serious harm, we will notify affected individuals and the OAIC in accordance with the Notifiable Data Breaches scheme.
Privacy Officer: privacy@statura.care